Tag Archives: struts2

I discussed security issues in a previous post regarding malicious HTTP request parameters injecting data into a Struts 2 application. Jon pointed out an interface I had forgotten about, ParameterNameAware. How this works is quite simple. Your action class implements ParameterNameAware, and in the acceptableParameterName(String parameterName) method, you return true only if the client is […]

There is a type of vulnerability which seems peculiar to Struts 2/WebWork applications and therefore may not be widely known. (It may exist in other frameworks as well, but I haven’t personally used any that have it.) The vulnerability is not part of Struts 2, but Struts 2 enables it in the same sense that a […]
